]> Cypherpunks repositories - gostls13.git/commitdiff
projects / gostls13.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7a8ce5e)
crypto/internal/hpke: use crypto/hkdf
authorqmuntal <quimmuntal@gmail.com>
Mon, 17 Mar 2025 10:43:32 +0000 (11:43 +0100)
committerQuim Muntal <quimmuntal@gmail.com>
Mon, 17 Mar 2025 20:27:50 +0000 (13:27 -0700)
The hpke package uses public-facing crypto packages except for hkdf,
which uses crypto/internal/hkdf. We already have a public hkdf package,
crypto/hkdf, so use it instead for consistency.

Change-Id: Icf6afde791234dfe24dbfba715c0891f32005ca2
Reviewed-on: https://go-review.googlesource.com/c/go/+/657556
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: David Chase <drchase@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

src/crypto/internal/hpke/hpke.go patch | blob | history

diff --git a/src/crypto/internal/hpke/hpke.go b/src/crypto/internal/hpke/hpke.go
index d8a0cc1ecbd8084425b546c12bb0be6f7a77e0d9..d451bff250a5ce40375175e08f328bb252ff53b7 100644 (file)
--- a/src/crypto/internal/hpke/hpke.go
+++ b/src/crypto/internal/hpke/hpke.go
@@ -9,7 +9,7 @@ import (
        "crypto/aes"
        "crypto/cipher"
        "crypto/ecdh"
-       "crypto/internal/fips140/hkdf"
+       "crypto/hkdf"
        "crypto/rand"
        "errors"
        "internal/byteorder"
@@ -32,7 +32,11 @@ func (kdf *hkdfKDF) LabeledExtract(sid []byte, salt []byte, label string, inputK
        labeledIKM = append(labeledIKM, sid...)
        labeledIKM = append(labeledIKM, label...)
        labeledIKM = append(labeledIKM, inputKey...)
-       return hkdf.Extract(kdf.hash.New, labeledIKM, salt)
+       prk, err := hkdf.Extract(kdf.hash.New, labeledIKM, salt)
+       if err != nil {
+               panic(err)
+       }
+       return prk
 }
 
 func (kdf *hkdfKDF) LabeledExpand(suiteID []byte, randomKey []byte, label string, info []byte, length uint16) []byte {
@@ -42,7 +46,11 @@ func (kdf *hkdfKDF) LabeledExpand(suiteID []byte, randomKey []byte, label string
        labeledInfo = append(labeledInfo, suiteID...)
        labeledInfo = append(labeledInfo, label...)
        labeledInfo = append(labeledInfo, info...)
-       return hkdf.Expand(kdf.hash.New, randomKey, string(labeledInfo), int(length))
+       key, err := hkdf.Expand(kdf.hash.New, randomKey, string(labeledInfo), int(length))
+       if err != nil {
+               panic(err)
+       }
+       return key
 }
 
 // dhKEM implements the KEM specified in RFC 9180, Section 4.1.
Go GOST TLS 1.3